Description:
Divya K Konoor with IBM reported a vulnerability in oslo.middleware.
Software using the CatchError class may include sensitive values in
Tracebacks resulting in their disclosure, for example tokens handled
by keystonemiddleware leaking into neutron error logs.
Proposed impact description...
Title: CatchErrors leaks sensitive values in oslo.middleware
Reporter: Divya K Konoor (IBM)
Products: oslo.middleware
Affects: <=2.8.0, >=3.0.0 <=3.8.0, >=3.9.0 <=3.19.0, ==3.20.0
Description:
Divya K Konoor with IBM reported a vulnerability in oslo.middleware.
Software using the CatchError class may include sensitive values in
Tracebacks resulting in their disclosure, for example tokens handled
by keystonemiddleware leaking into neutron error logs.